614 matches found
PrivateGPT OS Command Injection Vulnerability
PrivateGPT is an AI project open-sourced by Zylon. An operating system command injection vulnerability exists in PrivateGPT version 0.3.0 and earlier, which stems from the presence of a Python command injection vulnerability that could allow an attacker to execute arbitrary commands on the system...
Fedora 40 : python3.6 (2024-c8cc025262)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c8cc025262 advisory. Security fix for CVE-2024-9287 rhbz2321659. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Python Code Issue Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python that stems from the urllib.parse.urlsplit function and the urlparse...
RHEL 8 : python3.11 (RHSA-2024:8838)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8838 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
Amazon Linux 2 : python3 (ALAS-2024-2687)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2687 advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion ...
Amazon Linux 2 : python (ALAS-2024-2686)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2686 advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion o...
RHEL 7 : python3 (RHSA-2024:8490)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8490 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
actinia-core (>=4.11.0 <=4.14.1), admetica (>=1.3.0 <=1.4.1) +231 more potentially affected by CVE-2024-49766 via werkzeug (>=3.0.0 <=3.0.4)
werkzeug PYPI version =3.0.0, =4.11.0, =1.3.0, =0.1.1, =0.1.0, =0.0.3.20, =0.9.9, =2024.7.18.1, =0.0.1, =0.0.12, =1.9.0, =3.2.2, =3.4.3 and more Source cves: CVE-2024-49766 Source advisory: SNYK:PYTHON-WERKZEUG-8309091...
ROS-20241017-18
Vulnerability in the 'http.cookies' standard library module of the Python programming language interpreter CPython is related to inefficient regular expression complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Ubuntu 14.04 LTS : Python vulnerability (USN-7015-4)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7015-4 advisory. USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Python vulnerability (USN-7015-3)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7015-3 advisory. USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for...
RHEL 8 : python3 (RHSA-2024:7417)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:7417 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
K000141253: Python vulnerability CVE-2024-22195
Security Advisory Description: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja...
SUSE CVE-2024-8947
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +347 more potentially affected by CVE-2024-5998 via langchain-community (>=0.0.1 <=0.2.1)
langchain-community PYPI version =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.0.18, =0.2.0, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.19.0, =0.30.0 and more Source cves: CVE-2024-5998 Source advisory: SNYK:PYTHON-LANGCHAINCOMMUNITY-11356595...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)
Summary: There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...
AZL-48740 CVE-2024-6232 affecting package tensorflow for versions less than 2.16.1-7
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...
AZL-48125 CVE-2024-8088 affecting package python3 for versions less than 3.12.3-4
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...
ALPINE-CVE-2024-8088
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...
Python Security Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python has a security vulnerability that stems from the parser's use of algorithms with quadratic complexity,...